From 68deb62b38b117785638d08f5bd290d711803111 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 18 Nov 2020 01:49:44 +0000
Subject: [PATCH] swann: enable coredns and use google public DNS over TLS

---
 ops/nixos/swann/default.nix | 69 +++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
index d4d0b9038d..660894de66 100644
--- a/ops/nixos/swann/default.nix
+++ b/ops/nixos/swann/default.nix
@@ -135,14 +135,83 @@ in {
     interfaces.ens-general = {
       allowedTCPPorts = [
         8080 6789 # Unifi
+        53 # DNS
       ];
       allowedUDPPorts = [
         3478 10001 # Unifi
+        53 # DNS
       ];
     };
   };
+  services.ddclient = {
+    enable = false;
+    protocol = "cloudflare";
+    domains = ["home.lukegb.com"];
+    zone = "lukegb.com";
+    password = secrets.cloudflareCredentials.token;
+    use = "if";
+    extraConfig = ''
+      if=ens-virginmedia
+      daemon=0
+    '';
+  };
+  systemd.services.ddclient.serviceConfig.ExecStart = let
+    ddclient = pkgs.perlPackages.buildPerlPackage rec {
+      pname = "ddclient";
+      version = "3.9.1";
+      src = pkgs.fetchFromGitHub {
+        owner = "ddclient";
+        repo = "ddclient";
+        rev = "11a583b003920f8e15591813598b70061d1a4654";
+        sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb";
+      };
+      outputs = [ "out" ];
+      doCheck = false;
+      buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ];
+      nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ];
+      preConfigure = ''
+        touch Makefile.PL
+      '';
+      postInstall = ''
+        patchShebangs $out/bin/ddclient
+        wrapProgram $out/bin/ddclient \
+          --suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \
+          --prefix PERL5LIB : $PERL5LIB
+      '';
+    };
+    RuntimeDirectory = "ddclient";
+  in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
+  environment.systemPackages = with pkgs; [];
+  services.coredns = {
+    enable = true;
+    config = ''
+      .:53 {
+        bind 192.168.1.1 127.0.0.53
+        acl {
+          allow net 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.0/8
+          block
+        }
+        loadbalance
+        forward . tls://8.8.8.8 tls://8.8.4.4 {
+          tls_servername dns.google
+        }
+        cache {
+          success 4096
+          denial 1024
+          prefetch 512
+        }
+        prometheus :9153
+        errors
+        log
+      }
+    '';
+  };
+  networking.resolvconf.extraConfig = ''
+    name_servers='127.0.0.53'
+  '';
   system.stateVersion = "21.03";
 }
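Review bot: `password = secrets.cloudflareCredentials.token;` in the new `services.ddclient` block passes a live API token as a plain Nix option value, and option values are normally rendered into the world-readable Nix store unless the module specifically avoids that; the `-file /run/${RuntimeDirectory}/ddclient.conf` path in the `ExecStart` override changes where the running daemon reads from, not what lands in the store. The block is `enable = false`, but `systemd.services.ddclient.serviceConfig.ExecStart = lib.mkForce ...` appears to still declare a `ddclient` unit carrying only an ExecStart, so whoever later flips `enable = true` inherits both the half-defined unit and the store-resident token without any hint here. I would add `# Disabled until the token is supplied from a file outside the Nix store rather than via the password option` above `services.ddclient`, or drop the block until it is wired up. Separately, `prometheus :9153` listens on every address while the firewall hunk opens only 53 on ens-general; that is fine as long as the default firewall stays closed on the other interfaces, but a one-line comment saying it is intentionally local-only would help.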